fix: assorted ActivityPub code only refactors (#8274)

Fix parts of issue https://codeberg.org/forgejo/forgejo/issues/8221
and PR https://codeberg.org/forgejo/forgejo/pulls/4767

- PostgreSQL
- TestActivityPubPerson/SignedRequestValidation

```
    --- FAIL: TestActivityPubPerson/SignedRequestValidation (5.01s)
        api_activitypub_person_test.go:51:
            	Error Trace:	/workspace/forgejo/forgejo/tests/integration/api_activitypub_person_test.go:51
            	Error:      	Received unexpected error:
            	            	Get "http://127.0.0.1:3002/api/v1/activitypub/user-id/2": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
            	Test:       	TestActivityPubPerson/SignedRequestValidation
    testlogger.go:411: 2025/06/24 00:12:27 ...eb/routing/logger.go:102:func1() [I] router: completed GET /api/v1/activitypub/user-id/2 for 127.0.0.1:50456, 200 OK in 5032.2ms @ activitypub/person.go:21(activitypub.Person)
```

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8274
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Michael Jerger 2025-07-25 18:01:43 +02:00 committed by Earl Warren
commit e271c24100
20 changed files with 741 additions and 69 deletions


@ -8,13 +8,13 @@ import (
"forgejo.org/modules/log"
"forgejo.org/modules/setting"
gitea_context "forgejo.org/services/context"
services_context "forgejo.org/services/context"
"forgejo.org/services/federation"
"github.com/42wim/httpsig"
)
func verifyHTTPUserOrInstanceSignature(ctx *gitea_context.APIContext) (authenticated bool, err error) {
func verifyHTTPUserOrInstanceSignature(ctx services_context.APIContext) (authenticated bool, err error) {
if !setting.Federation.SignatureEnforced {
return true, nil
}
@ -28,9 +28,9 @@ func verifyHTTPUserOrInstanceSignature(ctx *gitea_context.APIContext) (authentic
}
signatureAlgorithm := httpsig.Algorithm(setting.Federation.SignatureAlgorithms[0])
pubKey, err := federation.FindOrCreateFederatedUserKey(ctx.Base, v.KeyId())
pubKey, err := federation.FindOrCreateFederatedUserKey(ctx, v.KeyId())
if err != nil || pubKey == nil {
pubKey, err = federation.FindOrCreateFederationHostKey(ctx.Base, v.KeyId())
pubKey, err = federation.FindOrCreateFederationHostKey(ctx, v.KeyId())
if err != nil {
return false, err
}
@ -43,7 +43,7 @@ func verifyHTTPUserOrInstanceSignature(ctx *gitea_context.APIContext) (authentic
return true, nil
}
func verifyHTTPUserSignature(ctx *gitea_context.APIContext) (authenticated bool, err error) {
func verifyHTTPUserSignature(ctx services_context.APIContext) (authenticated bool, err error) {
if !setting.Federation.SignatureEnforced {
return true, nil
}
@ -57,7 +57,7 @@ func verifyHTTPUserSignature(ctx *gitea_context.APIContext) (authenticated bool,
}
signatureAlgorithm := httpsig.Algorithm(setting.Federation.SignatureAlgorithms[0])
pubKey, err := federation.FindOrCreateFederatedUserKey(ctx.Base, v.KeyId())
pubKey, err := federation.FindOrCreateFederatedUserKey(ctx, v.KeyId())
if err != nil {
return false, err
}
@ -70,9 +70,9 @@ func verifyHTTPUserSignature(ctx *gitea_context.APIContext) (authenticated bool,
}
// ReqHTTPSignature function
func ReqHTTPUserOrInstanceSignature() func(ctx *gitea_context.APIContext) {
return func(ctx *gitea_context.APIContext) {
if authenticated, err := verifyHTTPUserOrInstanceSignature(ctx); err != nil {
func ReqHTTPUserOrInstanceSignature() func(ctx *services_context.APIContext) {
return func(ctx *services_context.APIContext) {
if authenticated, err := verifyHTTPUserOrInstanceSignature(*ctx); err != nil {
log.Warn("verifyHttpSignatures failed: %v", err)
ctx.Error(http.StatusBadRequest, "reqSignature", "request signature verification failed")
} else if !authenticated {
@ -81,10 +81,10 @@ func ReqHTTPUserOrInstanceSignature() func(ctx *gitea_context.APIContext) {
}
}
// ReqHTTPSignature function
func ReqHTTPUserSignature() func(ctx *gitea_context.APIContext) {
return func(ctx *gitea_context.APIContext) {
if authenticated, err := verifyHTTPUserSignature(ctx); err != nil {
// ReqHTTPUserSignature function
func ReqHTTPUserSignature() func(ctx *services_context.APIContext) {
return func(ctx *services_context.APIContext) {
if authenticated, err := verifyHTTPUserSignature(*ctx); err != nil {
log.Warn("verifyHttpSignatures failed: %v", err)
ctx.Error(http.StatusBadRequest, "reqSignature", "request signature verification failed")
} else if !authenticated {